[Snort-users] kill -HUP doesn't work

Demetri Mouratis dmourati at ...3877...
Mon Sep 22 16:59:07 EDT 2003

On 22 Sep 2003, Florin Andrei wrote:
> It looks like kill -HUP $snort_pid does not work. If i run it, snort
> dies.
> Here are the system logs at the moment when a system script attempted to
> rotate the snort logs:
> Sep 21 04:02:02 tart snort: FATAL ERROR: OpenPcap() device eth0 open:
> ^Isocket: Operation not permitted
> Sep 22 04:02:02 tart snort: snort shutdown failed

Here's your problem.  It looks like the user running snort no longer has
privilidges on the eth0 interface.  This most likely means you used either
the -u <uname> command line option when you started snort, or you're
running in some kind of chroot'ed environment.

To work around this you can create a sysvinit script under
/etc/init.d/snort then simply do /etc/init.d/snort restart from your
logrotate script.

Demetri Mouratis
dmourati at ...3878...

More information about the Snort-users mailing list